Chairs

• We need to formally decide if we are going to revise the charter to specify that goal of the Task Force is a specification to standardize how to include a VID in an X.509 certificate. This specification would also explain how the CA signature on the cert creates a three-way binding between the VID, the public key, and the other identifying information in the cert.

ACTION (who?): Leave a signpost stating why we do not believe creating a DID from X.509 is viable.

Summary of recent discussions about how to express a VID in an X.509:

• Cross-linking: Andre Kudra working Working with GLEIF on how to link a DID to an LEI (and vice versa). How to prove control over an LEI in a DID. Potential methods:
  • Challenge the DID holder via credential issuance as this is most easily to be accomplished with existing agents.
  • ISO standard 17442-2 describes how to place an LEI into an X.509. Some CAs are eligible to issue X.509s that are thus annotated. 2 CAs are available in EU which can issue such X.509s.
  • Could put a signature from the X.509 into the DID document to link control. Put fully qualified DID name into DID document and sign with X.509.
  • Or sign (with the X.509) the DID document as a whole and put signature as a data artifact adjacent to the DID document.
  • esatus currently working with GLEIF on an experiment to vet the above approaches.

• Cross-validation:  Tim Bouma and Jacques Latour worked with DHS and CIRA to vet high-assurance did:web approach using DNS-SEC. Striving . "2FA for DIDs." Striving to avoid dependency on specific CAs. Most important goal was to map a human-readable identifier to public key. Largely successful at layering higher security level over existing did:web standard. Could use did:web to map a URI to public key material. Paper released earlier this year that describes how to do this. (Quick version: Using DNS-SEC and DID document integrity standard.)

Rough draft of new charter: How to build a high-assurance, human-readable DID with links to existing infrastructure (i.e. X.509 / DNS infrastructure).

With the revised charter, Eric Scouten has indicated that the direct alignment with his work priorities does not permit him to continue in a chair role. However Drummond Reed is willing to continue as the importance of this new charter to building a bridge between the X.509 trust model and the DID trust model is very important to his work. 

So we would like to invite new co-chairs who would like to pursue this new charter.

Possible new co-chairs (each checking on availability, given other communities): Andre Kudra , Jacques Latour , Tim Bouma . Also, reach out to contacts at CAs.